Bug 2156729 (CVE-2021-4238)
| Summary: | CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Avinash Hanwate <ahanwate> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | aazores, abenaiss, amackenz, amasferr, amctagga, askrabec, bcoca, bdettelb, bkundu, chazlett, davidn, dcadzow, dfreiber, dhellmann, dkenigsb, eaguilar, ebaron, eglynn, ellin, epacific, fdeutsch, gparvin, jburrell, jcammara, jcantril, jchui, jhardy, jjoyce, jkang, jneedle, jobarker, jpallich, jwendell, jwon, lball, lgamliel, lhh, mabashia, matzew, mburns, mfilanov, mgarciac, mkudlej, muagarwa, nboldt, njean, ocs-bugs, oramraz, osapryki, ovanders, owatkins, pahickey, periklis, phoracek, pjindal, rcernich, rfreiman, rgarg, rhos-maint, rhuss, rogbas, rrajasek, scorneli, sfroberg, shbose, simaishi, smcdonal, smullick, spower, stcannon, teagle, tjochec, tnielsen, twalsh, ubhargav, vkumar, vlaad, wlewis, yguenane, zsadeh |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | goutils 1.1.1 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric` functions always return strings containing at least one digit from 0 to 9. This issue significantly reduces the amount of entropy generated in short strings by these functions.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-02-01 07:26:02 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2159855, 2159856, 2159857, 2159520, 2159843, 2159853, 2159854, 2159858, 2159859, 2159860, 2159861, 2159862, 2159863, 2159864, 2159865, 2159866, 2159867, 2159868, 2159869, 2159870, 2159871, 2159872, 2159873, 2159874, 2159875, 2159876, 2159877, 2159878, 2159879, 2159880, 2159881, 2159882, 2159883, 2160086, 2160087, 2160088, 2160089, 2160090, 2160620, 2160621, 2161305 | ||
| Bug Blocks: | 2156730 | ||
|
Description
Avinash Hanwate
2022-12-28 11:24:56 UTC
Created golang-github-rubenv-sql-migrate tracking bugs for this issue: Affects: fedora-36 [bug 2159520] Created golang-github-masterminds-goutils tracking bugs for this issue: Affects: fedora-36 [bug 2159843] This issue has been addressed in the following products: OpenShift Service Mesh 2.1 Via RHSA-2023:0540 https://access.redhat.com/errata/RHSA-2023:0540 This issue has been addressed in the following products: Red Hat OpenShift Service Mesh 2.3 for RHEL 8 Via RHSA-2023:0542 https://access.redhat.com/errata/RHSA-2023:0542 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2023:0449 https://access.redhat.com/errata/RHSA-2023:0449 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-4238 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Via RHSA-2023:0565 https://access.redhat.com/errata/RHSA-2023:0565 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2023:0569 https://access.redhat.com/errata/RHSA-2023:0569 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.10 Via RHSA-2023:0561 https://access.redhat.com/errata/RHSA-2023:0561 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.9 Via RHSA-2023:0574 https://access.redhat.com/errata/RHSA-2023:0574 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Via RHSA-2023:0651 https://access.redhat.com/errata/RHSA-2023:0651 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2023:0728 https://access.redhat.com/errata/RHSA-2023:0728 This issue has been addressed in the following products: Red Hat OpenShift GitOps 1.6 Via RHSA-2023:0802 https://access.redhat.com/errata/RHSA-2023:0802 This issue has been addressed in the following products: Red Hat OpenShift GitOps 1.7 Via RHSA-2023:0803 https://access.redhat.com/errata/RHSA-2023:0803 This issue has been addressed in the following products: Red Hat OpenShift GitOps 1.5 Via RHSA-2023:0804 https://access.redhat.com/errata/RHSA-2023:0804 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2023:0770 https://access.redhat.com/errata/RHSA-2023:0770 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Via RHSA-2023:0774 https://access.redhat.com/errata/RHSA-2023:0774 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.10 Via RHSA-2023:0899 https://access.redhat.com/errata/RHSA-2023:0899 This issue has been addressed in the following products: RHODF-4.12-RHEL-8 Via RHSA-2023:1170 https://access.redhat.com/errata/RHSA-2023:1170 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Via RHSA-2023:1159 https://access.redhat.com/errata/RHSA-2023:1159 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.10 Via RHSA-2023:1154 https://access.redhat.com/errata/RHSA-2023:1154 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2023:1270 https://access.redhat.com/errata/RHSA-2023:1270 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Via RHSA-2023:1297 https://access.redhat.com/errata/RHSA-2023:1297 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.10 Via RHSA-2023:1393 https://access.redhat.com/errata/RHSA-2023:1393 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2023:1326 https://access.redhat.com/errata/RHSA-2023:1326 This issue has been addressed in the following products: RHODF-4.13-RHEL-9 Via RHSA-2023:3742 https://access.redhat.com/errata/RHSA-2023:3742 |